Will rclone --ignore-existing prevent ransomware damages?

Question

I am rclone backing up files multiple times a day. I would like my backup server to be a recovery point from ransomware or any other error.

Am I correct that if I do a

rclone copy --ignore-existing

, my backup server is safe from the ransomware. If all of my files on my main server get encrypted the file name would stay the same and they wouldn't overwrite my backup server files with the encrypted files because I have --ignore-existing. It will ignore any size/time/checksum changes and not transfer those files over because they already exist on the back up? It won't transfer over the encrypted files that overwrite my existing good files?

I could then delete my main server and copy everything from my recovery over to the main and restore everything?

Answer 1

I just read the rclone documentation and it looks like the --ignore-existing is almost especially for preventing ransomware/encryption attacks according to the docs:

--ignore-existing Using this option will make rclone unconditionally skip all files that exist on the destination, no matter the content of these files.

While this isn't a generally recommended option, it can be useful in cases where your files change due to encryption. However, it cannot correct partial transfers in case a transfer was interrupted.

So I think it will work to prevent that.